The May issue of Hakin9 Magazine is out!


This month’s magazine includes my article, “Detecting and Exploiting the OpenSSL-Heartbleed Vulnerability”:

“In this article we will discuss how to detect systems that are vulnerable to the OpenSSL-Heartbleed vulnerability and learn how to exploit them using Metasploit on Kali Linux.”

It is a step-by-step tutorial that shows how to find the systems in your organization that are vulnerable to Heartbleed, and then how to exploit the bug against them.

Check out the intro to the article here.

Also in this issue:

What is Reverse Engineering

by Aman Singh

Reverse engineering, as this article will discuss it, is simply the act of figuring out what software you have no source code for does in a particular feature or function, to the degree that you can either modify that code or reproduce it in another, independent work.

Write Your Own Debugger

by Amr Thabet

Do you want to write your own debugger? Do you have a new technology and see that the already known products like OllyDbg or IDA Pro don’t have this technology? … Do you write plugins for OllyDbg and IDA Pro but need to convert them into a separate application? …

The Logic Breaks Logic

by Raheel Ahmad

People – Process – Technology: the Internet industry is based on these three words as the base of everything, including the software market. Think for a second and you will realize that the software industry is actually driven from the keyboard of a programmer, and in reality it is the logic designed by the programmer.

Playing with the Ports Redirection

by Davide Peruzzi

Whether you are performing a penetration test, debugging an error in your complicated corporate network or, why not, bypassing the control of a very restrictive firewall that does not allow you to display web pages categorized as “hacking”, port redirection is a technique as basic as it is powerful.

And much more, check it out!


Detecting OpenSSL-Heartbleed with Nmap & Exploiting with Metasploit

You can now quickly detect the OpenSSL-Heartbleed vulnerability across a network using the ever popular nmap command, and with the latest modules from Metasploit you can see the exploit in action.

For this tutorial I will be using a WordPress server and Kali Linux running in two separate VMware virtual machines.

For a vulnerable server, I used one of Turnkey Linux’s WordPress VMs. There are security updates available for Turnkey’s WordPress, but during the VM setup, and for this tutorial, I purposefully told the VM NOT to install the security updates so I could test for the OpenSSL vulnerability.

Once the WordPress VM was configured (just answer a few simple questions) I then fired up my Kali Linux VM.

The Nmap project has published an ssl-heartbleed NSE script that does a great job of detecting vulnerable servers. The script may not be included in the nmap version shipped with your Kali, so you may have to install it manually.

Detecting the Vulnerability with Nmap

If the ssl-heartbleed script is not already included in your nmap install, you will need to install it manually.

This is pretty easy: visit the ssl-heartbleed nmap script page, copy the .nse script file and save it to your nmap “scripts” directory as seen below:

[Screenshot: saving ssl-heartbleed.nse into nmap’s “scripts” directory]

You will also need the nmap “tls.lua” library file that the script depends on; save this to the nmap “nselib” directory as seen below:

[Screenshot: saving tls.lua into nmap’s “nselib” directory]

That is it; we can now use the ssl-heartbleed script in nmap to detect vulnerable systems.

The syntax is below. The -sV version scan is what lets nmap recognise TLS on ports other than the usual 443, so the script is run against every TLS service nmap finds on the target:

nmap -sV --script=ssl-heartbleed <target>

All we need to plug in is the IP address of our target test WordPress site, 192.168.1.70 in this instance:

[Screenshot: the nmap ssl-heartbleed command run against 192.168.1.70]

And if the target machine is vulnerable we will see this:

[Screenshot: nmap reporting the target as vulnerable]

State: VULNERABLE
Risk Factor: High
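To run the same check across a whole address range and keep only the hits, here is an added Python wrapper around that nmap command. It is not part of the original post or of nmap; it assumes nmap (with ssl-heartbleed.nse and tls.lua installed as above) is on PATH and that you are authorised to scan every target you pass it. The default port list is this example’s own choice, and the sample nmap output embedded in it is constructed to mirror the format shown above so the parser can be tried offline.

```python
"""Sweep hosts with nmap's ssl-heartbleed script and keep only the hits.

Added example for this tutorial (not part of the original post or of nmap).
Assumes nmap, with ssl-heartbleed.nse and tls.lua installed as described
above, is on PATH, and that you are authorised to scan every target given.
The default port list is this example's own choice of common TLS ports.
"""
import re
import subprocess
import sys

DEFAULT_PORTS = "443,465,636,993,995,8443"

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\b")
SCRIPT_RE = re.compile(r"^\|_?\s*ssl-heartbleed:")
STATE_RE = re.compile(r"^\|\s+State:\s+(\S+)")


def parse_nmap_output(text):
    """Return [(host, port, state), ...] for each ssl-heartbleed block in nmap's
    normal output. The script prints nothing for a patched port, so those
    hosts simply yield no tuple."""
    results, host, port, in_script = [], None, None, False
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host, port, in_script = m.group(1), None, False
            continue
        m = PORT_RE.match(line)
        if m:
            port, in_script = int(m.group(1)), False
            continue
        if SCRIPT_RE.match(line):
            in_script = True
            continue
        if in_script:
            m = STATE_RE.match(line)
            if m and host is not None and port is not None:
                results.append((host, port, m.group(1)))
            if line.startswith("|_"):          # "|_" marks the last line of a script block
                in_script = False
    return results


def vulnerable_targets(text):
    """Distinct (host, port) pairs whose state was VULNERABLE, sorted."""
    return sorted({(h, p) for h, p, s in parse_nmap_output(text) if s.upper() == "VULNERABLE"})


def scan(targets, ports=DEFAULT_PORTS):
    """Run nmap against targets (hosts or CIDR ranges) and return vulnerable pairs.
    -sV lets nmap recognise TLS on non-standard ports before the script runs."""
    cmd = ["nmap", "-sV", "-p", ports, "--script=ssl-heartbleed", *targets]
    completed = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return vulnerable_targets(completed.stdout)


# Constructed sample of nmap's normal output (not a real scan): one vulnerable
# host and one host that produced no script output. Used for offline testing.
SAMPLE_OUTPUT = """\
Nmap scan report for 192.168.1.70
Host is up (0.00031s latency).
PORT    STATE SERVICE  VERSION
80/tcp  open  http     Apache httpd
443/tcp open  ssl/http Apache httpd
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.
|     State: VULNERABLE
|_    Risk factor: High
Nmap scan report for 192.168.1.71
Host is up (0.00044s latency).
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http nginx
"""

if __name__ == "__main__":
    # With no arguments, parse the constructed sample; otherwise scan the given targets.
    hits = scan(sys.argv[1:]) if len(sys.argv) > 1 else vulnerable_targets(SAMPLE_OUTPUT)
    for host, port in hits:
        print(f"{host}:{port} VULNERABLE")
```

Run it as `python3 heartbleed_sweep.py 192.168.1.0/24` (the file name is arbitrary) to get one `host:port VULNERABLE` line per hit; a host that nmap reaches but that produces no script block is simply absent from the list, which is the same silence you see when you run the command by hand against a patched server.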

Exploiting with Metasploit

Now that we know we have a vulnerable server, we can use the latest Metasploit OpenSSL-Heartbleed module against it. (Note: the same module can be used just to detect vulnerable systems.)

Update Metasploit to get the latest modules by typing “msfupdate” at a Kali command prompt:

msfupdate

Now run “msfconsole” to start Metasploit and you will be presented with the Metasploit console:

[Screenshot: the Metasploit console prompt]

Next search for the heartbleed modules:

[Screenshot: search results for “heartbleed”]

Notice there are two; we will be using the scanner module, which tests servers.

Type “use auxiliary/scanner/ssl/openssl_heartbleed”:

[Screenshot: selecting the openssl_heartbleed scanner module]

We are only going to set two options: “set VERBOSE true”, so the module prints the data it leaks, and “set RHOSTS” to our target IP address, as seen below:

[Screenshot: setting VERBOSE and RHOSTS]

And finally, type “run” to launch the module:

[Screenshot: data leaked from the server’s memory]

The output shows that Metasploit completed a TLS handshake with the server and then pulled data straight out of the server process’s memory.

The important thing to note here is that the data it pulls back is whatever happened to sit next to the heartbeat request in the server’s heap: the attacker does not choose what leaks, and up to 64 KB comes back per request. There is no guarantee that you will see account credentials, session cookies or other critical data on any given run. The danger is that the request is handled inside the TLS layer, so it leaves nothing in the web server’s logs and can be repeated indefinitely, and anything the process has handled, including its private key, can eventually surface.

Thus the best practice (if you haven’t already) is to check your systems for the Heartbleed vulnerability and patch them immediately: upgrade OpenSSL to 1.0.1g or later (the bug is in 1.0.1 through 1.0.1f) and restart every service that loaded the old library, since a running process keeps the vulnerable code in memory until it is restarted. After the systems are patched, assume anything the process held may have leaked: reissue the TLS certificates with new private keys and revoke the old ones, invalidate active sessions, and change the passwords on the affected machines.

As always, never run security scans or checks on systems that you do not own or have approval to scan.

If you enjoyed this tutorial and want to learn more about Kali Linux and Metasploit, check out my latest book on Amazon, “Basic Security Testing with Kali Linux”.